
China's Take on Cyber-War
China Youth Daily published an essay June 3 written by two staff members at the People's Liberation Army's (PLA's) Academy of Military Science that illuminates China's take on cyber-war. "How to Fight Network War?" by Col. Ye Zheng and his associate Zhao Baoxian analyzes the opportunities and challenges offered by network warfare, including offensive, defensive and espionage efforts against adversary computer networks. While these challenges are nothing new to network security, the essay does provide some interesting insight into the PLA's thinking about fighting and spying via the Internet.
The authors outline five military uses for the Internet, which, as a true double-edged sword, offers both threats and opportunities. The first use is intelligence collection. The authors note that much of this intelligence is public, open-source information spread across the Internet that can be collated into something more valuable than the sum of its parts. And through creative manipulation of the Internet, including hacking, even more valuable intelligence can be gleaned. The second military purpose is network paralysis -- using botnets and viruses to disable websites, communications systems and even physical targets, as in the Stuxnet attacks. The third military use is network defense against the second type, and this requires a holistic system of active defenses to identify attacks and prevent sensitive information from being exposed.
The fourth operational purpose of the Internet, according to Ye and Zhao, is "psychological warfare." They noted that American publications have called the Internet the main battleground for public opinion and that the online organizing of opposition groups in Egypt and other parts of North Africa and the Middle East this spring is a good example of this form of cyber-warfare. The fifth military purpose is using Internet technology to achieve effects on the battlefield, though being able to achieve predictable effects on a time frame necessary for planning and conducting an integrated military campaign continues to be a technical challenge.
The June 3 essay in China Youth Daily is notably similar to pieces written by U.S. military scholars and Defense Department officials, but with a unique focus on psychological warfare. China's military has long seen psychological warfare as a force multiplier against foreign powers with greater conventional military capabilities, and in the current global environment, Chinese officials are very concerned about China being a victim. In a separate response to recent news of new U.S. cyber-war strategy, the "architect" of the Great Firewall, Fang Binxing, who is regularly involved in designing networks to block outside information, said the United States interferes in the domestic affairs of other countries through the Internet. His statement reflects the Chinese concern over foreign-based actors such as those behind the Jasmine movement and advocacy groups for internal Chinese dissidents like the Southern Mongolian Human Rights Information Center. Some of these groups incite protests while others simply spread information, particularly through social media. Beijing sees such information spread this way as an inherent threat to Chinese interests.
While the potential of cyber-espionage and physical attacks through Internet technologies is a serious concern in China and elsewhere, Beijing seems more worried about the Internet's being used by other countries to break through its Internet controls for psychological warfare purposes -- in other words, to inflame public opinion and create social unrest, which is the government's top concern. But it is also, at least rhetorically, concerned about recent U.S. statements that a cyber-attack could be responded to by a conventional one. Li Shuisheng, a research fellow at the Academy of Military Science, said such U.S. statements were a warning geared to maintain U.S. military superiority. The concern is that the United States could decide to hold a government responsible for any attack within its borders, whether the act of aggression is conducted through the Internet or by using more traditional military means.
The Attribution Problem
On June 1, Google publicly blamed individuals in Jinan, Shandong province, for a coordinated series of "spear phishing" attacks on Gmail accounts that security experts had observed since February. These attacks did not involve the actual hacking of Google's computer infrastructure but instead were intelligence-gathering attempts specifically targeting the personal email accounts of U.S. and South Korean government employees, among others.
The attacks have yet to be traced back to Chinese state intelligence organizations or specific individuals in the country, even though the attacks fit squarely within the Chinese method of mosaic intelligence-gathering. A Chinese Foreign Ministry spokesman called Google's allegations "unacceptable." The issue highlights the intelligence threat that anyone, including the Chinese, can pose online and the challenges of identifying the source of the attack and devising an effective response.
A substantial amount of intelligence and careful coordination went into the most recent attacks against Google. According to the company, whoever coordinated the attacks identified personal rather than government or business email accounts and the targets were "senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists." Spear phishing involves specific emails designed to look real to the victims in order to get them to release passwords or other personal information. A wide range of intelligence must be gathered, including contact information on the individual targets and their associates and the various issues they work on and interests they pursue. This would not require a state intelligence agency, but it would require significant resources, particularly time and people.
The attackers sent emails that appeared to be from known personal contacts to the targeted individuals' Gmail accounts. The emails included links that would prompt the targets to sign in to their accounts again, but on another website where their passwords would be stolen. With this information, the hackers could collect whatever came through the victims' personal accounts and quietly forward the emails to another account.
Google specifically pinpointed the attacks as originating in Jinan, a city in Shandong province already notorious as a hacking center. It is home to the Lanxiang Vocational School, the source of the January 2009 hacking attack on Google's servers as well as other intelligence-gathering attacks. But a report by Mila Parkour in the blog Contagio Malware Dump, which publicizes new malicious software (malware), noted that servers in New York, Hong Kong and Seoul were also used. Google has long been at odds with the Chinese government, which recently called the search engine the "new opium" in a People's Daily editorial. But Google may also have unreleased information leading it to Jinan, which is a common origin of these types of attacks.
Whether or not the perpetrators belonged to an official entity, the attack did fit the Chinese espionage pattern known as mosaic intelligence-gathering. China has long been developing cyber-espionage capabilities that target businesses as well as foreign governments. The personal accounts themselves may actually reveal very little information about government work, but they could provide leads for collecting other intelligence or detect weak points in a network's operational security. If China -- specifically the Third Department of the PLA or the Seventh Bureau of the Military Intelligence Department, which are most responsible for the country's cyber-espionage -- is responsible for the Google attack, the small bits of intelligence it collected will all be part of the mosaic it is building to better understand U.S. or South Korean policies and plans or to find and disrupt political dissidents.
While the forensic effort required to investigate these attacks is daunting (as are the political ramifications), Google provides some cogent advice for protecting personal email accounts: Gmail users should be aware that phishing probes are not always as simple as the Nigerian princess asking for your bank account information; they often involve someone impersonating a known contact to acquire your email address, password and other proprietary information. To guard against this, email users should employ passwords that would be difficult for a stranger to figure out, change the passwords regularly and watch for suspicious activity on the account.
This is especially important because while U.S. officials may be a major target, foreign intelligence agencies and cyber criminals are consistently targeting business people in economic espionage.